
What if this is an attempt to smoke out the TrueCrypt devs?

While this move seems odd, the new binaries are properly signed and the domains have been updated accordingly. If this was another project, like Rails, the maintainer could come out and say they were hacked and the last good version was X. Otherwise, the project would likely die off.

But since we know so little about the TrueCrypt maintainers, there's little way for us to hear that this isn't legitimate. In order to keep the project from dying (if this is a hoax), they would have to prove that they are the maintainers, because any plausible deniability would undermine their claim that the change was not legitimate.




Wouldn't they just have to publish a signed message stating that the change was not theirs and the key is compromised? Or better yet, revoke the key?

If two groups with opposing messages control the key, it's pretty clear that the key is compromised in some manner.


If 7.2 is part of the hoax, then they would be signing with a compromised key. This would be evidence, but would not be conclusive.


No, because the suggested "hackers" have published a signed message.


Doesn't matter. Publish another message signed with the same key saying "this key is compromised."


> If two groups with opposing messages control the key, it's pretty clear that the key is compromised in some manner.



